Attackers in a massive cyber espionage campaign have been using a covert surveillance tool called NetTraveler to steal sensitive data and documents and to log keystrokes.
The campaign, in which advanced persistent threat (APT) actors use the malware to spy on their targets, has claimed more than 350 high-profile victims in 40 countries, according to a report by security firm Kaspersky Lab.
The earliest samples of NetTraveler date back to 2005, but some activity may have begun as early as 2004, according to Kaspersky.
Although this is a relatively old campaign, those who run it have no intention of putting an end to it. In fact, the largest number of samples identified by Kaspersky were developed over the past three years.
As far as the targets go, the list includes Tibetan activists, oil industry companies, universities, governments, governmental institutions, research centers, military contractors and embassies.
Most of the targets are from the diplomatic sector (32 percent), followed by governments, military and private organizations. The espionage group’s most recent domains of interest are energy production, nanotechnology, space exploration, nuclear power, lasers, communications and medicine.
The largest number of infections were in Mongolia, India and Russia. Other countries in which the malware made its rounds include China, South Korea, Germany, the U.S., Canada, the UK, Austria, Japan, Iran, Pakistan, Spain and Australia.
It’s worth noting that some of the victims of the NetTraveler campaign are also victims of the Red October operation.
Kaspersky said, “based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have knowledge of the English language.”